java sardine over ssl
문제
i'm trying sardine to make a webdav client, but it doesn't connect to my https server. in the usageguide say this about ssl http://code.google.com/p/sardine/wiki/UsageGuide#SSL but i dont know how to provide my custom Http client with my keystore.
i get this error.
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148) at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149) at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:941) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:919) at com.googlecode.sardine.impl.SardineImpl.execute(SardineImpl.java:684) at com.googlecode.sardine.impl.SardineImpl.list(SardineImpl.java:339) at com.googlecode.sardine.impl.SardineImpl.getResources(SardineImpl.java:326) at sardine.main(sardine.java:15)
How can i set up?
해결책
Pretty simple example (for http://mydrive.net and Linux):
- download cert from mydrive.net with OpenSSL
- openssl s_client -connect webdav.mydrive.ch:443 > mydrive.net.crt
- remove all stuff except of between BEGIN and END (inclusive) in mydrive.net.crt file
- generate a new keystore:
- keytool -genkey -alias dummy -keyalg RSA -keystore /etc/ssl/certs/java/yourKeyStore.jks -keysize 2048
- use a secure passphrase
- Remove unused generated certificate
- keytool -delete -alias dummy -keystore /etc/ssl/certs/java/yourKeyStore.jks
- Import cert from mydrive.net
- keytool -import -trustcacerts -alias mydrive.net -keystore /etc/ssl/certs/java/kyourKeyStore.jks -file ./mydrive.net.crt
- Verify import:
- keytool -list -keystore /etc/ssl/certs/java/yourKeyStore.jks
- add Java Parameter for keystore
- JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/yourKeyStore.jks"
- Restart JVM
Now you can use Sardine without overwrite or reimplement methods. Just use
Sardine sardine = SardineFactory.begin(username, password);
List<DavResource> resources = sardine.list("https://webdav.mydrive.ch/");
Tip: Make sure to use the correct cert. MyDrive has several certs for example
다른 팁
Store the keystore(s) as raw resources, load them and use them to initialize SSLSocketFactory. You can than use it instantiate an HttpClient
. To plug in into Sardine you need to override the method they specify in the Wiki to return your customized HttpClient
instance.